RSA Conference VideosThe latest videos from RSA Conference2015 RSA ConferenceGenericen-USTue, 03 Mar 2015 05:35:33 ESTCybercrime – Where Did We Go Wrong?Thu, 24 Jul 2014 12:00:00 EDT<p>Despite better technology, increased spending and cybercrime floating to be a top priority on the board agenda, we still see new intrusions happen at an unprecedented rate with larger and larger consequences. In this session, we will consider the approach organizations take to managing cyber security and why they might be setting themselves up for failure from the very start.</p>http://www.rsaconference.com/media/cybercrime-where-did-we-go-wrong
Breaches: Avoiding 'Victim's Fatigue'Thu, 01 May 2014 12:00:00 EDT<p>Kevin Mandia, Senior Vice President/COO, FireEye<br />Tom Field, Vice President of Editorial Information Security Media Group</p>
<p>Cybersecurity is the only crime where the victim needs to apologize, says Kevin Mandia, founder of the data breach mitigation services firm Mandiant.</p>
<p>"It's startling that it got that way," he said in a Feb. 27 keynote address at the RSA Conference 2014 in San Francisco.</p>
<p>Mandia offered a variation of the old saw about two types of organizations: those that have been breached and those that don't know it.</p>
<p>"If you're an F in cybersecurity or an A in cybersecurity, an attack has the same chance of being successful," Mandia said. "If you're an F in cybersecurity, you never find out and your boss says, 'Whew, nothing happened.'"</p>
<p>Organizations with a grade of A will learn from their experiences and take steps to mitigate future breaches, he says. But unfortunately, many of these organizations soon become vulnerable again.</p>
<p>Here's how Mandia put it: Victims of cyber-attacks expand their IT security teams shortly after the breach and aggressively combat the attackers. Six months later, after no new breaches occur, management thinks, "You know, we don't have to do this stuff anymore." The top cybersecurity experts hired to prevent future breaches get bored and move onto more challenging jobs. Then, the company gets breached again.</p>
<p>He characterized this syndrome of companies letting their guard down as "victim's fatigue."</p>
<p>Mandia said it isn't that cyber-assailants are smarter than IT security pros hired to safeguard systems. But attackers need only to break into one device, whereas IT security specialists need to protect thousands of devices. "It's easier to shatter crystal than to shape it," he said.</p>
<p>Mandiant, acquired for more than $1 billion in December by FireEye, came to prominence a year ago when it released a report directly implicating the Chinese military in cyber-espionage (see 6 Types of Data Chinese Hackers Pilfer).</p>
<p>In his address, Mandia revealed that his firm had intercepted resumes of members of the Chinese attack team bragging about their assaults on Western organizations.</p>http://www.rsaconference.com/media/breaches-avoiding-victims-fatigue
Foreign Spies and Facebook: The Undeniable TruthWed, 23 Apr 2014 12:00:00 EDT<p>It is strange to acknowledge that almost every country in the world would like to send its best spies for undercover work at Facebook. Facebook face recognition mechanism, together with its vast access to private and sensitive information, makes it goldmine for intelligence officers around the world. Of course, not just Facebook takes part in this game—also Google, Microsoft and many others.</p>http://www.rsaconference.com/media/foreign-spies-and-facebook-the-undeniable-truth
The Art of Attribution: Identifying and Pursuing your Cyber AdversariesMon, 21 Apr 2014 12:00:00 EDT<p>Imagine someone physically breaks into your company's offices and goes through all your files—would you not want to know if it was your competitor or a petty thief? Would you not want to know the answer to the same question if the intrusion had been virtual? Find out why cyber attribution is critical to your business security strategy and learn how to identify and pursue your cyber adversaries.</p>http://www.rsaconference.com/media/the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries
Using Data Breadcrumbs to ID Targeted AttacksFri, 18 Apr 2014 12:00:00 EDT<p>Without copies, samples or details how can one possibly prevent, contain and inform on targeted and sponsored attacks? This session will demonstrate how to use big data and science to gather Internet bread crumbs about attacks. The speaker will explain the role that data, traffic, telemetry analysis and graphing, can play in extracting security intelligence about zero-day threats.</p>http://www.rsaconference.com/media/using-data-breadcrumbs-to-id-targeted-attacks
Project 2020: Preparing Your Organization for Future Threats … TodayFri, 18 Apr 2014 12:00:00 EDT<p>Hear the results of Project 2020, which is an ICSPA initiative, driven by Trend Micro and EuroPol, that imagines the technology landscape in the year 2020 and tries to predict the cyber criminal opportunities in that new world. Attendees will understand how countries and corporations may be affected by these threats and learn what they can do today to prepare their organizations for the future.</p>http://www.rsaconference.com/media/project-2020-preparing-your-organization-for-future-threats-today
Cyber Vigilante or Self Defense?Tue, 15 Apr 2014 12:00:00 EDT<p>As attacks on private-sector critical cyber infrastructure increase in frequency and sophistication, affected companies must adapt. How can companies better work with government during an attack? With respect to self-help, is retaliation permissible? Where is the line between passive defense and questionable active counter measures?</p>http://www.rsaconference.com/media/cyber-vigilante-or-self-defense
The “Frenemy” Within – Employee Attitudes on IP TheftWed, 20 Nov 2013 12:00:00 EST<p class="p1">When it comes to taking your intellectual property (IP), employees are the less obvious player but they can be frenemy #1. Symantec will share new research into employee behavior and attitudes toward IP theft that may surprise you. You will also learn some practical steps that you can start implementing that will help put a stop to the flow of IP to your competitors.</p>
<p class="p1"><a class="file pdf" href="/writable/files/rsac_symantec_webcast_11-20-13.pdf">Download the presentation deck.</a> </p>http://www.rsaconference.com/media/the-frenemy-within-employee-attitudes-on-ip-theft
Criminal Education: Lessons from the Criminals and their MethodsThu, 28 Feb 2013 12:00:00 EST<p>Market forces are organizing our adversaries, driving cooperation, specialization and efficient predatory behavior. Their rapid adoption of new technologies and efficacy in information sharing have trumped our more static defenses. Learn why security frameworks like ISO or PCI hinder security, and how improvements such as benchmarking can persuade criminals to look elsewhere for targets.</p>http://www.rsaconference.com/media/criminal-education-lessons-from-the-criminals-and-their-methods
The Lifecycle of CybercrimeThu, 28 Feb 2013 12:00:00 EST<p>Trustwave and the U.S. Secret Service will highlight cybercrime trends from forensic investigations compiled in the 2013 Trustwave Global Security Report. The presentation will discuss the lifecycle of attacks including criminal motivations behind attacks, techniques used to infiltrate organizations, data aggregation methods, data exfiltration techniques and financial impact.</p>http://www.rsaconference.com/media/the-lifecycle-of-cybercrime
Life as a TargetThu, 28 Feb 2013 12:00:00 EST<p><span>The speaker worked at NSA for 41 years; as such, he was a target for foreign espionage. The talk will cover foreign espionage in the cold war of the 70s and will give examples of some of the tools and techniques that were used. The talk will go on to discuss today's world in which we are all targets and how we have to learn to live our on-line lives as targets.</span></p>http://www.rsaconference.com/media/life-as-a-target
Sorry? Who Did You Say You Were? - Exploiting Identity for Fun and ProfitWed, 27 Feb 2013 12:00:00 EST<p><span>"Hello, this is Microsoft, your computer has a problem"—A lie to get your credit card, but a lack of trusted identity allows the bad guys to get away with this and worse. Learn about the root-cause problems of identity and a critical look at attempts to address this—including NSTIC. Learn why the Jericho Forum's Identity Commandments and CSA's Domain 12 are critical to fixing the problem.</span></p>http://www.rsaconference.com/media/sorry-who-did-you-say-you-were-exploiting-identity-for-fun-and-profit
When State Actors and Cybercriminals Join HandsTue, 26 Feb 2013 12:00:00 EST<p><span>For years we've talked about a future in which nations and individual Cybercriminals will join hands. Is this future happening now? Trojan kits that feature APT-like tools, botnets controlled by states, and cybercriminals selling government and military accounts to the highest bidder. Coincidence? Or are the worlds of Cyber Espionage and Cyber Crime closer than ever?</span></p>http://www.rsaconference.com/media/when-state-actors-and-cybercriminals-join-hands
Cyber Crime, Easy as Pie and Damn IngeniousFri, 08 Feb 2013 12:00:00 EST<p><span>In this webcast James Lyne will review a series of the latest attack frameworks being used for cyber criminals showing the latest exploit packs and targeted malware seen in the wild from the eyes of the hacker and the end user. James will also review some of the new attack vectors with RFID, NFC, Mobile and upcoming operating systems. Come and learn what's going on and enjoy bashing some hex.</span><br /><br /><span>Day to day James is responsible for evaluating and analyzing key business and technology trends to inform Sophos' technology vision. Aside from research, James spends a significant portion of his time meeting with many of the world's largest or most critical enterprises and infrastructure owners, advising them on security and strategy. James is a frequent spokesperson at industry forums to build awareness and develop future threat protection strategy. He has chaired and worked with government bodies to modernize policy, authored white papers, filed patents and tech authored books.</span><br /><br /><span>Backed by a background in maths, focused on cryptography and a detailed hands on experience of computer threats James still has a fascination with the detail.</span></p>http://www.rsaconference.com/media/cyber-crime-easy-as-pie-and-damn-ingenious